This article covers the step-by-step procedure to send data such as scans, scan authentication, assets, reports, compliance, and users from your Qualys instance to the Human Managed platform via API.
Human Managed will establish a connection to pull Qualys data from your instance. The Qualys API allows third parties like Human Managed platform (hm.works) to integrate with Qualys cloud security and compliance solutions using an extensible XML interface. APIs in this user guide are supported using Qualys Cloud Platform (VM, PC).
Step 1: Create a service request for Human Managed to configure the API Receiver
- Submit a request
- In the Subject, type or select Connect Qualys via API
- Once the ticket has been accepted by Human Managed and the ticket status has been updated, follow the next steps.
Step 2: Configure Qualys User Account (with access to API functions) in Qualys GUI
Authentication with valid Qualys user account credentials is required for making Qualys API requests to the Qualys API servers. If you need assistance with obtaining a Qualys account, please contact your Qualys account representative.
Users with a Qualys user account may access the API functions. When a subscription has multiple users, all users with any user role (except Contact) can use the Qualys API. Each user’s permissions correspond to their assigned user role.
Step 3: Identify Qualys API Server URL
API Conventions:
Qualys API Server URL
The Qualys API URL you use for API requests depends on the Qualys platform where your account is located. Click here to identify your Qualys platform and the API URL and replace the URL with the appropriate server URL for your account.
To find the API server URL for your account, log in to your Qualys account and go to Help > About.
Request URL
The URL for making API requests has the following structure:
https://<baseurl>/<module>/<object>/<object_id>/<operation>
where the components are described as:
| <baseurl> | The Qualys API server URL that you should use for API requests depends on the platform where your account is located. |
| <module> | The API module. For the Administration API, the module is: "am". |
| <object> | The module-specific object. |
| <object_id> | (Optional) The module-specific object ID, if appropriate. |
| <operation> | The request operation, such as count and search. |
HM’s Authentication Process:
You must authenticate to the Qualys Cloud Platform using Qualys account credentials (username and password) and get the JSON Web Token (JWT) before you start using the Administration APIs. Use Qualys Authentication to get the JWT.
For example,
curl -X POST "qualys_base_url/auth" -H "Content-Type: application/x-www-form-urlencoded" -d
where,
- qualys_base_url is the URL to the Qualys API server where your account is located. To identify your Qualys platform and get the API URL, visit: Identify your Qualys platform
- username and password are the credentials of the user account.
- token should be true.
- Content-Type should be "application/x-www-form-urlencoded"
Step 4: Submit your credentials to Human Managed
- In the same service request ticket you opened in Step 1, update the ticket with the following details:
Qualys User Account username and password – see Step 2
Qualys API Server URL - see Step 3
Comments
0 comments
Please sign in to leave a comment.